DNS TXT records for SPF / DMARC not propogating

I added three TXT records to my DNS zone yesterday to support SPF and DMARC. I’ve been using an external SPF checker ever since to validate that everything is right, but the site continues to claim that there are no SPF records defined for my domain. I’m starting to think that the changes are not propagating out. Everything I read said that DNS entries from Cloudflare should become live very quickly (like 5 minutes). I waited overnight to see if there was a schedule “push” for the zone replication, but still nothing today. Is there somewhere I have to publish or activate these changes beyond just creating the entries? Thanks!

Which records have you exactly set up?

TXT spf v=spf1 include:_spf.hushmail.com -all|

The second entry is a TXT record for DMARC (which I can’t post here because the user community thinks it contains links because of the email / domain names included.

A third entry like these two is another TXT record with the domain key for Hushmail

Sorry, but that’s still useless :wink:

You need to post the domain of course. Plus, it’s best you post a screenshot of you records.

Disregard please. I don’t care for help from people who immediately jump to “useless” in the body of a reply. I’m not some kind of DNS noob. Just trying to find a way to verify that records are pushing out. I’ll just move my DNS records to another free provider and give up on Cloudflare.

Fair enough, your choice. If someone asks for help, one would usually assume that person tries to provide all the information necessary to help them. Apparently that’s not the case.

I can only provide information within the limitations of this forum (which seem to be many). I can’t just post a screen grab because of the way the data is formatted on screen in Cloudflare’s UI. It would be truncated and you wouldn’t be able to see the full values of the entries anyway. Thanks for trying.

Hence why I asked for the domain and the exact records.

Yes, there are quite a few limitations and they are thanks to spammers. You can post your domain with four spaces prefixed.

And a screenshot usually does contain all the necessary information.

Well, I assume you are not sending from @spf.yenrab.com, so that record does not have the right name to begin with. Name that like the domain.

As for the other records, they are all in place as well - DNS Checker - DNS Check Propagation Tool

So I was following the settings that hushmail provided in this guide for the SPF entry:

Forgive my ignorance, but I’m not sure I follow your explanation of naming it like the domain. I’m clearly missing something … just not sure what exactly. Thanks again.

The spf record must not be named “spf” but must be named after your domain.

Plus, your DKIM record does not seem to be correct either. You best delete the records and set them up from scratch.

As far as Cloudflare is concerned, everything works as you configured it.

Okay - thanks. I’ll give it another shot. The provider (Hushmail) actually emailed me the exact three records they wanted me to create including how to name them. I’ll delete them and see if I can just use the Cloudflare wizard to help create them from scratch.

Sure, if there are any other things to clarify you best concact your provider, as they know what records they need and they can verify that. Cloudflare is not involved here apart from managing the records (which do work).

1 Like

That did the trick - thank you again. Seems like that was bad information that came from my hosting provider. I updated the name as you suggested, and now it is passing the SPF checks.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.